From: "Bjoern A. Zeeb"
Date: Sat, 7 Feb 2009 13:19:08 +0000 (UTC)
To: cvs-src-old@freebsd.org
Message-Id: <200902071323.n17DN76b058877@repoman.freebsd.org>
X-FreeBSD-CVS-Branch: RELENG_7
Subject: cvs commit: src UPDATING src/etc/defaults rc.conf src/lib/libc/sys cpuset_getaffinity.2 jail.2 src/lib/libkvm kvm_proc.c src/share/man/man4 ddb.4 src/sys/compat/freebsd32 freebsd32.h freebsd32_misc.c syscalls.master src/sys/kern kern_cpuset.c ...

bz          2009-02-07 13:19:08 UTC

  FreeBSD src repository

  Modified files:        (Branch: RELENG_7)
    .                             UPDATING
    etc/defaults                  rc.conf
    lib/libc/sys                  cpuset_getaffinity.2 jail.2
    lib/libkvm                    kvm_proc.c
    share/man/man4                ddb.4
    sys/compat/freebsd32          freebsd32.h freebsd32_misc.c
                                  syscalls.master
    sys/kern                      kern_cpuset.c kern_exit.c kern_fork.c
                                  kern_jail.c uipc_socket.c
    sys/net                       if.c rtsock.c
    sys/netinet                   in_pcb.c raw_ip.c sctp_pcb.c
                                  sctp_usrreq.c tcp_usrreq.c udp_usrreq.c
    sys/netinet6                  in6_pcb.c in6_src.c raw_ip6.c
                                  udp6_usrreq.c
    sys/security/mac_bsdextended  mac_bsdextended.c
    sys/sys                       cpuset.h jail.h param.h
    usr.bin/cpuset                cpuset.1 cpuset.c
    usr.sbin/jail                 Makefile jail.8 jail.c
    usr.sbin/jexec                Makefile jexec.8 jexec.c
    usr.sbin/jls                  Makefile jls.8 jls.c

  Log:
  SVN rev 188281 on 2009-02-07 13:19:08Z by bz

  MFC:

  r185435:

  This enhances the current jail implementation to permit multiple
  addresses per jail. In addition to IPv4, IPv6 is supported as well.
  Due to updated checks it is even possible to have jails without
  an IP address at all, which basically gives one a chroot with
  restricted process view, no networking,..

  SCTP support was updated and supports IPv6 in jails as well.

  Cpuset support permits jails to be bound to specific processor
  sets after creation.

  Jails can have an unrestricted (no duplicate protection, etc.) name
  in addition to the hostname. The jail name cannot be changed from
  within a jail and is considered to be used for management purposes
  or as audit-token in the future.

  DDB 'show jails' command was added to aid debugging.

  Proper compat support permits 32bit jail binaries to be used on 64bit
  systems to manage jails. Also backward compatibility was preserved where
  possible: for jail v1 syscalls, as well as with user space management
  utilities.

  Both jail as well as prison version were updated for the new features.
  A gap was intentionally left as the intermediate versions had been
  used by various patches floating around the last years.

  Bump __FreeBSD_version for the aforementioned and in kernel changes.

  r185441:

  Unbreak the no-networks (no INET/6) build.

  r185899:

  Correctly check the number of prison states to not access anything
  outside the prison_states array.

  When checking if there is a name configured for the prison, check the
  first character to not be '\0' instead of checking if the char array
  is present, which it always is. Note, that this is different for the
  *jailname in the syscall.

  Found with: Coverity Prevent(tm)
  CID:        4156, 4155

  r186085:

  Make sure that the direct jls invocations print something
  reasonably close to and in the same format as it had always.

  r186606:

  Make sure that unused j->ip[46] are cleared.

  r186834:

  Document the special loopback address behaviour of jails.

  PR: kern/103464

  r186841:

  Put the devfs ruleset next to devfs enable, add a comment about
  the suggested ruleset[1].
  While here use an IP from the 'test-net' prefix for docs.

  PR: kern/130102

  r187059:

  Add a short section talking about jails and file systems; mention the
  mount and jail-aware file systems as well as quota.

  PR: kern/68192

  r187092:

  Sort .Xr.

  r187365:

  s,unmount 8,umount 8, it is unmount(2) which I did not mean.

  r187669:

  Update the description of the '-h' option wrt to primary addresses
  per address family and add a reference to the ip-addresses option.

  r187670:

  New sentence starts on a new line.

  Revision     Changes    Path
  1.507.2.18   +6 -0      src/UPDATING
  1.318.2.14   +3 -2      src/etc/defaults/rc.conf
  1.2.2.3      +2 -2      src/lib/libc/sys/cpuset_getaffinity.2
  1.28.10.1    +34 -7     src/lib/libc/sys/jail.2
  1.94.2.1     +3 -2      src/lib/libkvm/kvm_proc.c
  1.42.2.8     +11 -1     src/share/man/man4/ddb.4
  1.6.2.2      +18 -0     src/sys/compat/freebsd32/freebsd32.h
  1.67.2.9     +61 -0     src/sys/compat/freebsd32/freebsd32_misc.c
  1.91.2.9     +1 -1      src/sys/compat/freebsd32/syscalls.master
  1.13.2.2     +111 -4    src/sys/kern/kern_cpuset.c
  1.304.2.4    +5 -0      src/sys/kern/kern_exit.c
  1.282.2.7    +6 -0      src/sys/kern/kern_fork.c
  1.70.2.6     +878 -69   src/sys/kern/kern_jail.c
  1.302.2.13   +4 -0      src/sys/kern/uipc_socket.c
  1.273.2.8    +1 -1      src/sys/net/if.c
  1.143.2.4    +149 -12   src/sys/net/rtsock.c
  1.196.2.17   +111 -52   src/sys/netinet/in_pcb.c
  1.180.2.10   +20 -26    src/sys/netinet/raw_ip.c
  1.62.2.12    +15 -20    src/sys/netinet/sctp_pcb.c
  1.48.2.11    +56 -21    src/sys/netinet/sctp_usrreq.c
  1.163.2.7    +10 -2     src/sys/netinet/tcp_usrreq.c
  1.218.2.10   +9 -5      src/sys/netinet/udp_usrreq.c
  1.84.2.12    +88 -23    src/sys/netinet6/in6_pcb.c
  1.46.2.7     +21 -0     src/sys/netinet6/in6_src.c
  1.73.2.10    +13 -0     src/sys/netinet6/raw_ip6.c
  1.81.2.11    +14 -0     src/sys/netinet6/udp6_usrreq.c
  1.39.2.4     +1 -0      src/sys/security/mac_bsdextended/mac_bsdextended.c
  1.7.2.2      +6 -0      src/sys/sys/cpuset.h
  1.29.2.3     +82 -7     src/sys/sys/jail.h
  1.308.2.21   +1 -1      src/sys/sys/param.h
  1.3.2.3      +9 -5      src/usr.bin/cpuset/cpuset.1
  1.5.2.2      +13 -7     src/usr.bin/cpuset/cpuset.c
  1.10.10.1    +6 -0      src/usr.sbin/jail/Makefile
  1.84.2.1     +68 -7     src/usr.sbin/jail/jail.8
  1.25.2.1     +237 -15   src/usr.sbin/jail/jail.c
  1.2.2.1      +2 -0      src/usr.sbin/jexec/Makefile
  1.4.2.1      +32 -3     src/usr.sbin/jexec/jexec.8
  1.4.2.1      +177 -5    src/usr.sbin/jexec/jexec.c
  1.1.22.1     +2 -0      src/usr.sbin/jls/Makefile
  1.1.22.1     +29 -5     src/usr.sbin/jls/jls.8
  1.5.2.1      +195 -21   src/usr.sbin/jls/jls.c